tor-dam

tor distributed announce mechanism (not a dht)
git clone https://git.parazyd.org/tor-dam
Log | Files | Refs | README | LICENSE

commit 6b40d0567149017082560dce7d7aebcd8949eb28
parent 3062484b289c2253d713ee5131288287e5c5d6db
Author: parazyd <parazyd@dyne.org>
Date:   Mon, 11 Dec 2017 14:48:07 +0100

Drop out of handlePost sooner if there are missing fields.

This commit also fixes a bug in ValidateReq when there's an invalid
signature. Note to self: maybe handle this better in VerifyMsgRsa?

Diffstat:
Mcmd/dam-dir/main.go | 9+++++++--
Mpkg/damlib/validate.go | 4++--
2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/cmd/dam-dir/main.go b/cmd/dam-dir/main.go @@ -61,15 +61,20 @@ func handlePost(rw http.ResponseWriter, request *http.Request) { return } - decoder := json.NewDecoder(request.Body) - var n nodeStruct + decoder := json.NewDecoder(request.Body) err := decoder.Decode(&n) if err != nil { log.Println("Failed decoding request:", err) return } + // Drop out ASAP. + if len(n.Nodetype) == 0 || len(n.Address) == 0 || + len(n.Message) == 0 || len(n.Signature) == 0 { + return + } + decSig, err := base64.StdEncoding.DecodeString(n.Signature) if err != nil { log.Println("Failed decoding signature:", err) diff --git a/pkg/damlib/validate.go b/pkg/damlib/validate.go @@ -63,9 +63,9 @@ func ValidateReq(req map[string]string, pubkey string) ([]byte, bool) { pub, err := ParsePubkeyRsa([]byte(pubkey)) CheckError(err) - val, err := VerifyMsgRsa(msg, sig, pub) - CheckError(err) + val, _ := VerifyMsgRsa(msg, sig, pub) if val != true { + log.Println("crypto/rsa: verification failure") return nil, false }